From 130ad6ff63ae60dcbb383450e086a74325eee963 Mon Sep 17 00:00:00 2001 From: Nicolas Constant Date: Sat, 6 Feb 2021 00:11:11 -0500 Subject: [PATCH 1/3] fix sig and user retrieval, fix #84 --- .../Regexes/HeaderRegexes.cs | 9 ++++ src/BirdsiteLive.Domain/ActivityPubService.cs | 2 +- src/BirdsiteLive.Domain/UserService.cs | 7 +-- src/BirdsiteLive.sln | 9 +++- .../BirdsiteLive.Common.Tests.csproj | 20 +++++++ .../Regexes/HeaderRegexTests.cs | 53 +++++++++++++++++++ 6 files changed, 95 insertions(+), 5 deletions(-) create mode 100644 src/BirdsiteLive.Common/Regexes/HeaderRegexes.cs create mode 100644 src/Tests/BirdsiteLive.Common.Tests/BirdsiteLive.Common.Tests.csproj create mode 100644 src/Tests/BirdsiteLive.Common.Tests/Regexes/HeaderRegexTests.cs diff --git a/src/BirdsiteLive.Common/Regexes/HeaderRegexes.cs b/src/BirdsiteLive.Common/Regexes/HeaderRegexes.cs new file mode 100644 index 0000000..b98818c --- /dev/null +++ b/src/BirdsiteLive.Common/Regexes/HeaderRegexes.cs @@ -0,0 +1,9 @@ +using System.Text.RegularExpressions; + +namespace BirdsiteLive.Common.Regexes +{ + public class HeaderRegexes + { + public static readonly Regex HeaderSignature = new Regex(@"^([a-zA-Z0-9]+)=""(.+)""$"); + } +} \ No newline at end of file diff --git a/src/BirdsiteLive.Domain/ActivityPubService.cs b/src/BirdsiteLive.Domain/ActivityPubService.cs index 4d8fc54..53c656c 100644 --- a/src/BirdsiteLive.Domain/ActivityPubService.cs +++ b/src/BirdsiteLive.Domain/ActivityPubService.cs @@ -40,7 +40,7 @@ public ActivityPubService(ICryptoService cryptoService, InstanceSettings instanc public async Task GetUser(string objectId) { var httpClient = _httpClientFactory.CreateClient(); - httpClient.DefaultRequestHeaders.Add("Accept", "application/json"); + httpClient.DefaultRequestHeaders.Add("Accept", "application/activity+json"); var result = await httpClient.GetAsync(objectId); var content = await result.Content.ReadAsStringAsync(); return JsonConvert.DeserializeObject(content); diff --git a/src/BirdsiteLive.Domain/UserService.cs b/src/BirdsiteLive.Domain/UserService.cs index b666c29..713563f 100644 --- a/src/BirdsiteLive.Domain/UserService.cs +++ b/src/BirdsiteLive.Domain/UserService.cs @@ -7,6 +7,7 @@ using System.Threading.Tasks; using BirdsiteLive.ActivityPub; using BirdsiteLive.ActivityPub.Converters; +using BirdsiteLive.Common.Regexes; using BirdsiteLive.Common.Settings; using BirdsiteLive.Cryptography; using BirdsiteLive.Domain.BusinessUseCases; @@ -239,11 +240,11 @@ private async Task ValidateSignature(string actor, st var signature_header = new Dictionary(); foreach (var signature in signatures) { - var splitSig = signature.Replace("\"", string.Empty).Split('='); - signature_header.Add(splitSig[0], splitSig[1]); + var m = HeaderRegexes.HeaderSignature.Match(signature); + signature_header.Add(m.Groups[1].ToString(), m.Groups[2].ToString()); } - signature_header["signature"] = signature_header["signature"] + "=="; + //signature_header["signature"] = signature_header["signature"] + "=="; var key_id = signature_header["keyId"]; var headers = signature_header["headers"]; diff --git a/src/BirdsiteLive.sln b/src/BirdsiteLive.sln index 0a35bf6..1e9d65b 100644 --- a/src/BirdsiteLive.sln +++ b/src/BirdsiteLive.sln @@ -39,7 +39,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BirdsiteLive.Domain.Tests", EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BirdsiteLive.Pipeline.Tests", "Tests\BirdsiteLive.Pipeline.Tests\BirdsiteLive.Pipeline.Tests.csproj", "{BF51CA81-5A7A-46F8-B4FB-861C6BE59298}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "BirdsiteLive.DAL.Tests", "Tests\BirdsiteLive.DAL.Tests\BirdsiteLive.DAL.Tests.csproj", "{5A1E3EB5-6CBB-470D-8A0D-10F8C18353D5}" +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BirdsiteLive.DAL.Tests", "Tests\BirdsiteLive.DAL.Tests\BirdsiteLive.DAL.Tests.csproj", "{5A1E3EB5-6CBB-470D-8A0D-10F8C18353D5}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BirdsiteLive.Common.Tests", "Tests\BirdsiteLive.Common.Tests\BirdsiteLive.Common.Tests.csproj", "{C69F7582-6050-44DC-BAAB-7C8F0BDA525C}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution @@ -107,6 +109,10 @@ Global {5A1E3EB5-6CBB-470D-8A0D-10F8C18353D5}.Debug|Any CPU.Build.0 = Debug|Any CPU {5A1E3EB5-6CBB-470D-8A0D-10F8C18353D5}.Release|Any CPU.ActiveCfg = Release|Any CPU {5A1E3EB5-6CBB-470D-8A0D-10F8C18353D5}.Release|Any CPU.Build.0 = Release|Any CPU + {C69F7582-6050-44DC-BAAB-7C8F0BDA525C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {C69F7582-6050-44DC-BAAB-7C8F0BDA525C}.Debug|Any CPU.Build.0 = Debug|Any CPU + {C69F7582-6050-44DC-BAAB-7C8F0BDA525C}.Release|Any CPU.ActiveCfg = Release|Any CPU + {C69F7582-6050-44DC-BAAB-7C8F0BDA525C}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -126,6 +132,7 @@ Global {F544D745-89A8-4DEA-B61C-A7E6C53C1D63} = {A32D3458-09D0-4E0A-BA4B-8C411B816B94} {BF51CA81-5A7A-46F8-B4FB-861C6BE59298} = {A32D3458-09D0-4E0A-BA4B-8C411B816B94} {5A1E3EB5-6CBB-470D-8A0D-10F8C18353D5} = {A32D3458-09D0-4E0A-BA4B-8C411B816B94} + {C69F7582-6050-44DC-BAAB-7C8F0BDA525C} = {A32D3458-09D0-4E0A-BA4B-8C411B816B94} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {69E8DCAD-4C37-4010-858F-5F94E6FBABCE} diff --git a/src/Tests/BirdsiteLive.Common.Tests/BirdsiteLive.Common.Tests.csproj b/src/Tests/BirdsiteLive.Common.Tests/BirdsiteLive.Common.Tests.csproj new file mode 100644 index 0000000..0a52603 --- /dev/null +++ b/src/Tests/BirdsiteLive.Common.Tests/BirdsiteLive.Common.Tests.csproj @@ -0,0 +1,20 @@ + + + + netcoreapp3.1 + + false + + + + + + + + + + + + + + diff --git a/src/Tests/BirdsiteLive.Common.Tests/Regexes/HeaderRegexTests.cs b/src/Tests/BirdsiteLive.Common.Tests/Regexes/HeaderRegexTests.cs new file mode 100644 index 0000000..8c906ea --- /dev/null +++ b/src/Tests/BirdsiteLive.Common.Tests/Regexes/HeaderRegexTests.cs @@ -0,0 +1,53 @@ +using BirdsiteLive.Common.Regexes; +using Microsoft.VisualStudio.TestTools.UnitTesting; + +namespace BirdsiteLive.Common.Tests +{ + [TestClass] + public class HeaderRegexTests + { + [TestMethod] + public void KeyId_Test() + { + var input = @"keyId=""https://misskey.tdl/users/8hwf6zy2k1#main-key"""; + + Assert.IsTrue(HeaderRegexes.HeaderSignature.IsMatch(input)); + var result = HeaderRegexes.HeaderSignature.Match(input); + Assert.AreEqual("keyId", result.Groups[1].ToString()); + Assert.AreEqual("https://misskey.tdl/users/8hwf6zy2k1#main-key", result.Groups[2].ToString()); + } + + [TestMethod] + public void Algorithm_Test() + { + var input = @"algorithm=""rsa-sha256"""; + + Assert.IsTrue(HeaderRegexes.HeaderSignature.IsMatch(input)); + var result = HeaderRegexes.HeaderSignature.Match(input); + Assert.AreEqual("algorithm", result.Groups[1].ToString()); + Assert.AreEqual("rsa-sha256", result.Groups[2].ToString()); + } + + [TestMethod] + public void Target_Test() + { + var input = @"headers=""(request-target) date host digest"""; + + Assert.IsTrue(HeaderRegexes.HeaderSignature.IsMatch(input)); + var result = HeaderRegexes.HeaderSignature.Match(input); + Assert.AreEqual("headers", result.Groups[1].ToString()); + Assert.AreEqual("(request-target) date host digest", result.Groups[2].ToString()); + } + + [TestMethod] + public void Signature_Test() + { + var input = @"signature=""ISxp4HYhkGc83SsCC3zNZMVKBota7HqgWVg6KwaQVTQcUqt+UsWXPxB0XPhaYkqLnH3hJ+KVMdoEn3rbzcw8XZpjVt48o9OAKd0rsEZYkLoERnnFFhEw0GmVDEhdoU7gyoeOreWGsIca6Pf7TC0vGTtqez31zmvoeXvxHgqRhWQvlZM/ovFR2xN+vhmF7rZdkd6UaKOzy21K8B/Q84J7PWdbJ8i0rKieVPDIuTCy5B0iQpgs1TMaz6xKZR/KVzAr207m9Gkku2gnJ4YZHFuoa2ct5M5AtIPMPCsWTU8yaimTkPdNNezSOKV5a7T55HSvFeopLNcQKsWNMioKGpZP5hCIRKNk0Ekx0yDReE6xF/qliT7eSAGVJ/6sLQjBpBFMPKBNOrYTxueBJGtISjCZlxaIyTtJ1ErNuCrKHGjImpNvvJzTJOtu+vWnjTcUJL7N1Mw7PEreCZrNUyNuAldDWSMAFuD4HVA3+KZjpWCfjAbyelzVy2gs96CyE56o9FqJEaM5XVQhsMTpa8OSHdr2QZtKYw7Wng0d8vmbKEX1pdTVeEIhi4M9js39ZdzB4mb8JXSBE/GA6PoE5s+oH3+GoufzJYINCpk0Ulwo9g7HKm9NATnwEZZPq4NKto5mSYZKYRtqjZaa8lIALNhdvzv2+8+ifPLHlOigAUVqoupd9Aq="""; + + Assert.IsTrue(HeaderRegexes.HeaderSignature.IsMatch(input)); + var result = HeaderRegexes.HeaderSignature.Match(input); + Assert.AreEqual("signature", result.Groups[1].ToString()); + Assert.AreEqual("ISxp4HYhkGc83SsCC3zNZMVKBota7HqgWVg6KwaQVTQcUqt+UsWXPxB0XPhaYkqLnH3hJ+KVMdoEn3rbzcw8XZpjVt48o9OAKd0rsEZYkLoERnnFFhEw0GmVDEhdoU7gyoeOreWGsIca6Pf7TC0vGTtqez31zmvoeXvxHgqRhWQvlZM/ovFR2xN+vhmF7rZdkd6UaKOzy21K8B/Q84J7PWdbJ8i0rKieVPDIuTCy5B0iQpgs1TMaz6xKZR/KVzAr207m9Gkku2gnJ4YZHFuoa2ct5M5AtIPMPCsWTU8yaimTkPdNNezSOKV5a7T55HSvFeopLNcQKsWNMioKGpZP5hCIRKNk0Ekx0yDReE6xF/qliT7eSAGVJ/6sLQjBpBFMPKBNOrYTxueBJGtISjCZlxaIyTtJ1ErNuCrKHGjImpNvvJzTJOtu+vWnjTcUJL7N1Mw7PEreCZrNUyNuAldDWSMAFuD4HVA3+KZjpWCfjAbyelzVy2gs96CyE56o9FqJEaM5XVQhsMTpa8OSHdr2QZtKYw7Wng0d8vmbKEX1pdTVeEIhi4M9js39ZdzB4mb8JXSBE/GA6PoE5s+oH3+GoufzJYINCpk0Ulwo9g7HKm9NATnwEZZPq4NKto5mSYZKYRtqjZaa8lIALNhdvzv2+8+ifPLHlOigAUVqoupd9Aq=", result.Groups[2].ToString()); + } + } +} From 6d5fe3089ee8b661fd8284217ca4f3a344636b4a Mon Sep 17 00:00:00 2001 From: Nicolas Constant Date: Sat, 6 Feb 2021 00:13:38 -0500 Subject: [PATCH 2/3] clean up --- src/BirdsiteLive.Domain/UserService.cs | 33 +++++++------------------- 1 file changed, 8 insertions(+), 25 deletions(-) diff --git a/src/BirdsiteLive.Domain/UserService.cs b/src/BirdsiteLive.Domain/UserService.cs index 713563f..a72f017 100644 --- a/src/BirdsiteLive.Domain/UserService.cs +++ b/src/BirdsiteLive.Domain/UserService.cs @@ -244,29 +244,20 @@ private async Task ValidateSignature(string actor, st signature_header.Add(m.Groups[1].ToString(), m.Groups[2].ToString()); } - //signature_header["signature"] = signature_header["signature"] + "=="; - var key_id = signature_header["keyId"]; var headers = signature_header["headers"]; var algorithm = signature_header["algorithm"]; var sig = Convert.FromBase64String(signature_header["signature"]); - + // Retrieve User var remoteUser = await _activityPubService.GetUser(actor); + // Prepare Key data var toDecode = remoteUser.publicKey.publicKeyPem.Trim().Remove(0, remoteUser.publicKey.publicKeyPem.IndexOf('\n')); toDecode = toDecode.Remove(toDecode.LastIndexOf('\n')).Replace("\n", ""); var signKey = ASN1.ToRSA(Convert.FromBase64String(toDecode)); var toSign = new StringBuilder(); - //var comparisonString = headers.Split(' ').Select(signed_header_name => - //{ - // if (signed_header_name == "(request-target)") - // return "(request-target): post /inbox"; - // else - // return $"{signed_header_name}: {r.Headers[signed_header_name.ToUpperInvariant()]}"; - //}); - foreach (var headerKey in headers.Split(' ')) { if (headerKey == "(request-target)") toSign.Append($"(request-target): {method.ToLower()} {path}{queryString}\n"); @@ -274,21 +265,13 @@ private async Task ValidateSignature(string actor, st } toSign.Remove(toSign.Length - 1, 1); - //var signKey = ASN1.ToRSA(Convert.FromBase64String(toDecode)); - - //new RSACryptoServiceProvider(keyId.publicKey.publicKeyPem); - - //Create a new instance of RSACryptoServiceProvider. - RSACryptoServiceProvider key = new RSACryptoServiceProvider(); - - //Get an instance of RSAParameters from ExportParameters function. - RSAParameters RSAKeyInfo = key.ExportParameters(false); - - //Set RSAKeyInfo to the public key values. - RSAKeyInfo.Modulus = Convert.FromBase64String(toDecode); - - key.ImportParameters(RSAKeyInfo); + // Import key + var key = new RSACryptoServiceProvider(); + var rsaKeyInfo = key.ExportParameters(false); + rsaKeyInfo.Modulus = Convert.FromBase64String(toDecode); + key.ImportParameters(rsaKeyInfo); + // Trust and Verify var result = signKey.VerifyData(Encoding.UTF8.GetBytes(toSign.ToString()), sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); return new SignatureValidationResult() From c02b4804f5d0d186ded344692c40e0ee84b3750d Mon Sep 17 00:00:00 2001 From: Nicolas Constant Date: Sat, 6 Feb 2021 00:14:14 -0500 Subject: [PATCH 3/3] road to 0.14.0 --- src/BirdsiteLive/BirdsiteLive.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/BirdsiteLive/BirdsiteLive.csproj b/src/BirdsiteLive/BirdsiteLive.csproj index e23687f..346a936 100644 --- a/src/BirdsiteLive/BirdsiteLive.csproj +++ b/src/BirdsiteLive/BirdsiteLive.csproj @@ -4,7 +4,7 @@ netcoreapp3.1 d21486de-a812-47eb-a419-05682bb68856 Linux - 0.13.1 + 0.14.0